Assume you are the CFO (Chief Financial Officer) of a small to medium size firm that is publicly listed on a major U.S. stock exchange and that your firm has all its information in one database. The firm estimates that the value of the information in this database (i.e., the potential maximum loss from a cybersecurity breach) is $90,000,000. The CIO (Chief Information Officer) of your firm estimates that the probability of a cybersecurity breach, given the current level of spending on cybersecurity, is 24%. During a meeting that includes the CEO (Chief Executive Officer), CIO and you, the CIO argues that the firm needs to invest more into cybersecurity related activities because the probability of a cybersecurity breach to the firm (i.e., 24%) is too high. In response to the CIO's concern, the CEO asks you to meet with the CIO to determine how much more your firm should invest in cybersecurity activities. However, because the CEO has read the report entitled "2017 State Of Cybersecurity Among Small Business In North America" by the Council of Better Business Bureaus, she asks you to determine the amount of additional investment in cybersecurity activities based on the Gordon-Loeb Model for cybersecurity investments. Required: 1) Determine how much more your firm should invest in cybersecurity activities? In deriving your solution, assume that you and the CIO agree that the function describing the productivity of additional investments, s(z,v), is v/(1+z), where z is the level of investment in cybersecurity and vis the probability of a cybersecurity breach. In addition, assume that you will make additional investments in terms of discrete amounts of $1,000,000 (i.e., each unit of z is equal to $1,000,000). (Show all your work leading up to your solution to the above problem.) 2) List and briefly discuss the reasons why it is so difficult to justify investments in cybersecurity in publicly traded profit-oriented firms, as compared to more traditional investments like an investment in a new product line.